CVE-2026-24445

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface (affected versions not specified)

Description The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker to perform denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or to conduct brute-force attacks to gain unauthorized access. The API endpoint is susceptible to abuse due to the absence of restrictions on authentication attempts. An attacker could exploit this by sending a high volume of requests to the /websocket endpoint, potentially overwhelming the system and disrupting legitimate services. The vulnerable parameter is the authentication request itself.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.